WSGISocketPrefix run/wsgi
#WSGIRestrictStdout On
WSGIRestrictSignal Off
WSGIPythonOptimize 1
WSGIPassAuthorization On
WSGIDaemonProcess pagure user=git group=git maximum-requests=1000 display-name=pagure processes=10 threads=6 inactivity-timeout=300
WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-name=paguredocs processes=4 threads=4 inactivity-timeout=300

Protocols h2 h2c http/1.1

ServerLimit 1500
MaxRequestWorkers 1500
MaxConnectionsPerChild 1000

## Redirects http -> https

<VirtualHost *:80>
{% if env == 'pagure-staging' %}
  ServerName stg.pagure.io
  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
  Redirect permanent / https://stg.pagure.io/
{% else %}
  ServerName pagure.io
  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
  Redirect permanent / https://pagure.io/
{% endif %}
</VirtualHost>

<VirtualHost *:80>
{% if env == 'pagure-staging' %}
  ServerName docs.stg.pagure.org
  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
  Redirect permanent / https://docs.stg.pagure.org/
{% else %}
  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
  ServerName docs.pagure.org
  Redirect permanent / https://docs.pagure.org/
{% endif %}
</VirtualHost>

<VirtualHost *:80>
{% if env == 'pagure-staging' %}
  ServerName releases.stg.pagure.org
  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
  Redirect permanent / https://releases.stg.pagure.org/
{% else %}
  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
  ServerName releases.pagure.org
  Redirect permanent / https://releases.pagure.org/
{% endif %}
</VirtualHost>

<VirtualHost *:80>
{% if env == 'pagure-staging' %}
  ServerName stg.pagure.org
  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
  Redirect permanent / https://releases.stg.pagure.org/
{% else %}
  ServerName pagure.org
  #Redirect permanent / https://releases.pagure.org/
  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
{% endif %}

# Added until we can get the cert out
  DocumentRoot "/var/www/releases"

  <Directory />
    Options +Indexes
    IndexOptions NameWidth=*
  </Directory>

</VirtualHost>



## End of redirects http -> https


<VirtualHost *:443>
{% if env == 'pagure-staging' %}
  ServerName stg.pagure.io
{% else %}
  ServerName pagure.io
{% endif %}
  TimeOut 600

  Alias "/robots.txt" "/var/www/html/robots.txt"

  WSGIScriptAlias / /var/www/pagure.wsgi

  ServerAdmin admin@fedoraproject.org

  SSLEngine on
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
  # Use secure TLSv1.1 and TLSv1.2 ciphers
  Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

{% if env == 'pagure-staging' %}
  SSLCertificateFile /etc/pki/tls/certs/stg.pagure.io.cert
  SSLCertificateChainFile /etc/pki/tls/certs/stg.pagure.io.intermediate.cert
  SSLCertificateKeyFile /etc/pki/tls/private/stg.pagure.io.key
{% else %}
  SSLCertificateFile /etc/pki/tls/certs/pagure.io.cert
  SSLCertificateChainFile /etc/pki/tls/certs/pagure.io.intermediate.cert
  SSLCertificateKeyFile /etc/pki/tls/private/pagure.io.key
{% endif %}

  SetEnv GIT_PROJECT_ROOT /srv/git/repositories

  <Location />
   WSGIProcessGroup pagure
   <IfModule mod_authz_core.c>
      # Apache 2.4
      Require all granted
   </IfModule>
   <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order deny,allow
      Allow from all
   </IfModule>
  </Location>

  <Location /releases>
{% if env == 'pagure-staging' %}
  Redirect "/releases" https://releases.stg.pagure.org
{% else %}
  Redirect "/releases" https://releases.pagure.org
{% endif %}
  </Location>

  # Drop distributed web hits
  RewriteEngine On
  RewriteCond %{REQUEST_URI} ^/fedora-web/websites$
  RewriteRule .* - [F]

  <Location /apache-status>
      SetHandler server-status
      <RequireAny>
          Require ip 127.0.0.1
          Require ip ::1
          Require host localhost
      </RequireAny>
  </Location>

</VirtualHost>


<VirtualHost *:443>
{% if env == 'pagure-staging' %}
  ServerName stg.pagure.org
{% else %}
  ServerName pagure.org
{% endif %}

  SSLEngine on
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
  # Use secure TLSv1.1 and TLSv1.2 ciphers
  Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

{% if env == 'pagure-staging' %}
  SSLCertificateFile /etc/pki/tls/certs/stg.pagure.io.cert
  SSLCertificateChainFile /etc/pki/tls/certs/stg.pagure.io.intermediate.cert
  SSLCertificateKeyFile /etc/pki/tls/private/stg.pagure.io.key
{% else %}
  SSLCertificateFile /etc/pki/tls/certs/pagure.io.cert
  SSLCertificateChainFile /etc/pki/tls/certs/pagure.io.intermediate.cert
  SSLCertificateKeyFile /etc/pki/tls/private/pagure.io.key
{% endif %}
{% if env == 'pagure-staging' %}
  Redirect permanent / https://stg.pagure.io/
{% else %}
  Redirect permanent / https://pagure.io/
{% endif %}
</VirtualHost>


<VirtualHost *:443>
{% if env == 'pagure-staging' %}
  ServerName docs.stg.pagure.org
{% else %}
  ServerName docs.pagure.org
{% endif %}

  WSGIScriptAlias / /var/www/docs_pagure.wsgi

  SSLEngine on
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
  # Use secure TLSv1.1 and TLSv1.2 ciphers
  Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

{% if env == 'pagure-staging' %}
  SSLCertificateFile /etc/pki/tls/certs/stg.pagure.io.cert
  SSLCertificateChainFile /etc/pki/tls/certs/stg.pagure.io.intermediate.cert
  SSLCertificateKeyFile /etc/pki/tls/private/stg.pagure.io.key
{% else %}
  SSLCertificateFile /etc/pki/tls/certs/pagure.io.cert
  SSLCertificateChainFile /etc/pki/tls/certs/pagure.io.intermediate.cert
  SSLCertificateKeyFile /etc/pki/tls/private/pagure.io.key
{% endif %}

  # redirects for sssd docs. 
  # https://pagure.io/fedora-infrastructure/issue/8995
  RedirectMatch ^/SSSD.sssd$             https://sssd.io
  RedirectMatch ^/SSSD.sssd/$            https://sssd.io
  RedirectMatch ^/SSSD.sssd/index.html   https://sssd.io/index.html
  RedirectMatch ^/SSSD.sssd/(.*)         https://sssd.io/docs/$1

  <Location />
    WSGIProcessGroup paguredocs
    <IfModule mod_authz_core.c>
      # Apache 2.4
      Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order deny,allow
      Allow from all
    </IfModule>
   </Location>
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot "/var/www/releases"
{% if env == 'pagure-staging' %}
  ServerName releases.stg.pagure.org
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/stg.pagure.io.cert
  SSLCertificateKeyFile /etc/pki/tls/private/stg.pagure.io.key
  SSLCertificateChainFile /etc/pki/tls/certs/stg.pagure.io.intermediate.cert
  SSLHonorCipherOrder On
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
{% else %}
  ServerName releases.pagure.org
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/pagure.io.cert
  SSLCertificateKeyFile /etc/pki/tls/private/pagure.io.key
  SSLCertificateChainFile /etc/pki/tls/certs/pagure.io.intermediate.cert
  SSLHonorCipherOrder On
  SSLProtocol {{ ssl_protocols }}
  SSLCipherSuite {{ ssl_ciphers }}
{% endif %}

  AddType application/octet-stream msi

  <Directory />
    Options +Indexes
    IndexOptions NameWidth=*
  </Directory>

</VirtualHost>

